Maintainability
Rule documentation
Learn everything about our rules, and how to leverage them drive absolute quality in your development team.
70 articles in this collection
Written by Lorenzo Frattini and Gabriele Gallo Stampino
Written by Lorenzo Frattini and Gabriele Gallo Stampino
Common Weakness Enumeration mapping
Written by Gabriele Gallo Stampino
Updated over a week ago
Updated over a week ago
What types of rules are supported by Clayton?
Choose your rules from our catalog
Written by Gabriele Gallo Stampino
Updated over a week ago
Updated over a week ago
Security best practices
Import of sensitive fields in Lightning Web Components (LWC)
Written by Gabriele Gallo Stampino
Updated over a week ago
Updated over a week ago
Direct DOM manipulation in Lightning Web Components (LWC)
Detect LWC templates that use direct DOM manipulation and bypass the secure Shadow DOM provided by the Lightning Web Components
Written by Gabriele Gallo Stampino
Updated over a week ago
Updated over a week ago
Sensitive information storage
Detect when sensitive information like tokens, secrets are stored insecurely.
Written by Gabriele Gallo Stampino
Updated over a week ago
Updated over a week ago
Sensitive information logging
Inspect the data model definition, and ensure sensitive information isn’t logged or exposed unsafely to avoid data leaks.
Written by Gabriele Gallo Stampino
Updated over a week ago
Updated over a week ago
Excessive data access permissions
Detects the use of "ViewAllData" and "ViewAllRecords" in profiles.
Written by Gabriele Gallo Stampino
Updated over a week ago
Updated over a week ago
Subresource integrity
Detect subresource integrity vulnerabilities.
Written by Gabriele Gallo Stampino
Updated over a week ago
Updated over a week ago
Content Security Policy (CSP)
Make sure that resources used by Visualforce or Lightning components are retrieved securely in accordance to your Content Security Policy.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Insecure endpoints
Ensure HTTP callouts use secured endpoints (HTTPS) to protect your application and users from attack.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Named credentials
Enforce using named credentials instead of manually hard-wiring credentials when performing HTTP requests.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Randomization of cryptographic keys
Detect uses of cryptography with hard-wired keys, so that the security of encrypted data is not compromised.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Coding best practices
Call to blocklisted method
Detects any call to a method that is part of a block list.
Written by Gabriele Gallo Stampino
Updated over a week ago
Updated over a week ago
Identify methods with global visibility
Detects methods that can be referenced from outside a managed package.
Written by Gabriele Gallo Stampino
Updated over a week ago
Updated over a week ago
Asynchronous methods in loops
Prevent the use of asynchronous Apex methods (@future) inside loops, to help your application cope with larger volumes of data properly.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Boundaries on SOQL statements
Ensure all SOQL statements are either bound by either a LIMIT or by a WHERE clause.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Bulkification of triggers
Ensure your Apex triggers can process data in bulks and properly deal with larger volumes.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Business logic in triggers
Detect the presence of non-trivial business logic inside Apex triggers.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Metadata API recency
Ensure your components are up to date with a recent enough version of the Salesforce API.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Multiple triggers per object
Detect multiple triggers on the same object, and prevent non-deterministic behaviours.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Nested IFs
Keep your code easy to read and test by containing the use of nested conditional structures.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Number of arguments per method
Limit the number of arguments allowed for each method to keep your code easy to read and maintain.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Number of methods per class
Limit the number of methods allow per each Apex class, to encourage good design.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Send email in loops
Prevent uses of Messaging.sendEmail inside loops, to reduce the risk of running into governor limits.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Database operations
Direct access utility class
Detects any direct usage of SOQL in Apex classes.
Written by Gabriele Gallo Stampino
Updated over a week ago
Updated over a week ago
Data manipulation utility class
Detects any direct usage of DML methods in Apex Classes.
Written by Gabriele Gallo Stampino
Updated over a week ago
Updated over a week ago
CRUD and Field-Level Security
Ensure that CRUD permissions and Field-Level Security are enforced in Visualforce and Lightning, to avoid exposing sensitive data.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Data access in loops
Prevent the use of any SOQL or DML inside loops to help your application cope with larger volumes of data properly.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Data manipulation in constructors
Prevent all constructors from writing in to the database, so that creation of objects does not have any data-altering side-effects.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Exception handling
Enforce the presence of a try/catch block to handle possible exceptions around DML statements.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Sharing
Ensure proper sharing behaviour on classes that access data or expose it data in views or APIs.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Transaction control
Enforce the use of transaction control (savepoints and rollbacks) when multiple database operations are performed within the same block.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Hardcoded IDs
Hardcoded IDs in code
Detect any hardcoded record IDs in your Lightning controllers and Apex classes and triggers.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Hardcoded IDs in configuration
Detect any hardcoded record IDs inside configuration fields such as formulas.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Lightning best practices
Inline JavaScript
Prevent the use of inline JavaScript to ensure proper separation of concern between model and view in your Lightning components.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Unsafe JavaScript
Prevent any use of the unsafe eval method in your Lightning controllers to reduce security risk
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Naming conventions
Naming conventions on Aura Controller Property
Keep your Aura property names consistent and easy to read and maintain.
Written by Gabriele Gallo Stampino
Updated over a week ago
Updated over a week ago
Naming conventions on Apex classes
Keep your class names consistent, easier to read and maintain.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Naming conventions on Apex triggers
Keep your trigger names consistent, easier to read and maintain.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Naming conventions on Apex methods
Keep your method names consistent, easier to read and maintain.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Naming conventions for Apex variables
Keep your variable names consistent, easier to read and maintain.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Optimizations
Inactive Workflow Rules
workflow rules that are inactive and therefore can be removed.
Written by Gabriele Gallo Stampino
Updated over a week ago
Updated over a week ago
Inactive Workflows
Find workflows that don't contain any active rules.
Written by Gabriele Gallo Stampino
Updated over a week ago
Updated over a week ago
Possibly Unexposed Object Fields
Highlight object fields that are not directly included in any views, nor retrieved by any queries.
Written by Gabriele Gallo Stampino
Updated over a week ago
Updated over a week ago
Possibly Unused Apex Triggers
Highlight triggers that are not directly invoked by code.
Written by Gabriele Gallo Stampino
Updated over a week ago
Updated over a week ago
Optimized loading of resources
Make sure any inclusion of static resources such as scripts or stylesheets leverage the appropriate built-in optimizations.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Unnecessary code detection
Detect unused or empty methods, interfaces that are never implemented, and more unnecessary code.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Testing best practices
Identify test coverage cheats
Detect methods that have been introduced as an attempt to cheat test coverage.
Written by Gabriele Gallo Stampino
Updated over a week ago
Updated over a week ago
Assertions with comments
Use this rule to ensure all assertions include explanatory comments.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Minimum number of assertions
Enforce a requirement on the minimum number of assertions for any test methods.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Test data isolation
Ensure that test methods create their own data and don't access actual data in your org.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Untested methods
Identify Apex methods that aren't covered by any unit tests.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Use of @IsTest annotation
Keep your test cleaner using the @IsTest annotation, instead of using the deprecated testMethod keyword.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Use of test data factories
Ensure test data are created using factory methods, to limit the code maintenance needed when changing validation rules.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Visualforce best practices
Salesforce1 compatibility in Visualforce
Ensure your Visualforce customizations work on the Salesforce1 mobile app.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
User-friendly messages in Visualforce
Ensure that Visualforce pages and components display errors in a user-friendly manner.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Visualforce view state optimization
Keep the size of the Visualforce view state lean, in order to minimize loading times and avoid hitting governor limits.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Vulnerability protection
Protection against known JavaScript vulnerabilities
Detect Javascript libraries that might expose your application to known vulnerabilities.
Written by Gabriele Gallo Stampino
Updated over a week ago
Updated over a week ago
Arbitrary Page Redirect
Detect statements that might expose your app to Arbitrary Page Redirect vulnerability.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Cross-Site Scripting (XSS)
Detect expressions that might be vulnerable to Cross-Site Scripting (XSS) in Apex, Visualforce and Lightning components.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Cross-Site Request Forgery (CSRF)
Detect Cross-Site Request Forgery vulnerabilities in your Salesforce app.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Insecure Direct Object References
Detect insecure direct object references (DOR) and avoid accidentally exposing sensitive data in your app.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
SOQL/SOSL Injection
Ensure user-supplied input is sanitized before using it in dynamic SOQL or SOSL queries.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Inactive flows and processes
Detects flows and processes that are left in the metadata, although they are no longer active.
Written by Gabriele Gallo Stampino
Updated over a week ago
Updated over a week ago
Inactive validation rules
Detects validation rules that are left in the metadata, although they are no longer active.
Written by Gabriele Gallo Stampino
Updated over a week ago
Updated over a week ago
Objects with an excessive number of custom fields
Detects objects with an excessive number of custom fields, which makes them hard to maintain.
Written by Gabriele Gallo Stampino
Updated over a week ago
Updated over a week ago
High complex flows and processes
Detects processes with an excessive number of decisions, which makes them hard to test and maintain.
Written by Gabriele Gallo Stampino
Updated over a week ago
Updated over a week ago
High complex Apex methods
Detect methods with that are excessively complex and that are therefore hard to maintain.
Written by Gabriele Gallo Stampino
Updated over a week ago
Updated over a week ago
High complex Apex files
Detect Apex files that are excessively complex and that are therefore hard to maintain.
Written by Gabriele Gallo Stampino
Updated over a week ago
Updated over a week ago